Monday, July 25, 2022

Missed Security Updates Due to Content Caching

Howard Oakley:

The assumption is that, if you follow Apple’s guidance with automatic updates enabled, when Software Update reports your Mac is up to date, then everything is hunky dory.

[…]

In my case, as with many, when any of my Macs tries to download and install security data updates from my Content Caching server, they fail to install. Disable that server, so those Macs are forced to connect direct to Apple’s servers, and the same updates install first time, without error.

[As] a matter of policy, Apple doesn’t inform users when it pushes security data updates, nor does it reveal their current versions, nor is it easy to discover whether anything is wrong with the software update process. Unless you use third-party software and sites like this, your Mac(s) could have failed to install every one of the six security updates pushed by Apple since problems started in early June, and you’d be none the wiser.

Update (2022-07-28): Nicholas Riley:

Disabling the server, clearing the cache and reenabling did NOT work for us; had to disable then use “silnite au” to check for/install updates.

Rich Siegel:

I can confirm this has happened to me as well.

Update (2022-08-08): Howard Oakley:

After reporting this to Apple via Feedback, and supplying sysdiagnoses to help its engineers get to the bottom of the problem, I was finally told that the problem had been fixed a week or so ago. On Thursday 4 August it had the first chance to try out the latest security update, and I’m delighted to report that everything worked as it should: all four of my Macs downloaded and installed that update successfully.

Update (2022-08-29): Howard Oakley:

While my Content Caching server worked fine for the macOS security update, the old problem returned with the two security data updates the following day. Just as before, the workaround was to temporarily disable the service, force the updates on other local Macs, then to enable Content Caching again.

This is a reversion to the behaviour of June and July, which can leave client Macs with old versions of macOS security data updates, which is a serious security problem.

1 Comment RSS · Twitter


What is Apple waiting to fix such critical problem?

Leave a Comment